FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p5-DBI -- insecure temporary file creation vulnerability

Affected packages
0 <= p5-DBI-137
p5-DBI < 1.37_1
1.38 <= p5-DBI < 1.48


VuXML ID 8cfb6f42-d2b0-11da-a672-000e0c2e438a
Discovery 2005-01-25
Entry 2006-04-23
Modified 2006-05-11

Javier Fernández-Sanguino Peña reports:

The DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library.


Bugtraq ID 12360
CVE Name CAN-2005-0077